Abstract:
This thesis comprehensively evaluates the security of OWL-live.de, a digital platform for managing and promoting cultural events in the Ostwestfalen-Lippe region. The primary goal of this study is to identify potential security vulnerabilities and recommend effective countermeasures. Using a hybrid approach that combines automated and manual penetration testing, guided by the OWASP Web Security Testing Guidelines (WSTG), the evaluation uncovers critical security weaknesses in areas such as input validation, authentication, and session management.
The findings reveal several vulnerabilities, including injection risks, improper session handling, lack of rate limiting, and insecure configurations, which could lead to unauthorized access, data breaches, or service disruptions. These vulnerabilities are analyzed in depth, and practical countermeasures are proposed to mitigate the identified risks. The results of this evaluation offer valuable insights into OWL-live.de’s security posture, aiming to enhance the platform’s security and build trust for both users and event organizers.